Category: Tips’n’tricks

Testing and assessment methodologies

Overview: DotSec specialises in testing applications and services for its online retail, government, finance and banking, legal, investment, online gaming, education, online payments, insurance, telco and data centre clients. At DotSec, we pride ourselves on our independence, and on our ability to bring to focus the skills of experts who do not just test and …

Magento as the coal-miner’s canary

Overview: Regular review of web-application logs is not only a requirement for various compliance regimes (such as the PCI-DSS or various IRAP-based programs), it can actually give you good insight into vulnerabilities which arise outside of the web-application itself. In this post we describe how clever analysis of blocked-request logs (in this case to Magento) …